1. Field of the Invention
This invention relates to a method of controlling access to a protected resource based on user attributes contained within public key certificates and proxy definitions. This invention also relates to a program product bearing software, which controls access to a protected resource based on user attributes contained in public key certificates and proxy definitions. This invention further relates to a computer system that operates to control access to a protected resource based on user attributes contained in public key certificates and proxy definitions.
2. Related Art
Before the advent of Public Key Infrastructure (“PKI”) technology, several techniques evolved to control the access of users to protected computer resources, such as corporate servers executing transactional programs or hosting databases. One method of protection was to prevent unauthorized access to the protected computer system by physical means. The simplest of these methods was to limit access to terminals communicating with the protected computer system. Another method was to prevent unauthorized access by not permitting physical network connections to exist between the protected computer system and public computer networks. Another method of protection was to implement automated access control systems on each protected computer system or protected server. While effective, these techniques have serious shortcomings that inhibit the effective use of computer resources. In the case of physical security methods, the opportunity to capitalize on the use of public networks, such as the Internet, to access protected computer systems is lost. Similarly, automated access control systems implemented at the server level are applicable only to that particular server. Consequently, the administration of access control privileges may have to be duplicated among several servers, which in turn leads to errors, inconsistencies, and ultimately, increased costs.
To take advantage of public networks such as the Internet and corporate Intranets, industry has adopted the security server approach to implement security measures. A security server is interposed between the protected computer resource and the client station, acting as the sole link between the resource and the client. The client can be directly connected to the security server, or it may be linked to the security server via one or more communications routers. In addition, the security server may protect single or multiple resources. The security server will establish a communications link between the protected resource and the client station if and only if the user is properly authenticated. The term “security server,” in this sense, encompasses security servers, firewalls, proxy servers and authentication servers. In addition, the term “protected resource” includes but is not limited to database servers, applications servers and transactional servers.
Coupled with the security server approach is Public Key Infrastructure technology. In PKI applications, a key pair (public key and private key) is used to provide strong authentication and encryption services. The key pair is associated with the user by the use of a “certificate” containing the user's public key, as well as attributes associated with that user. The security server establishes a link between a client station (or a communications router) and a protected resource by establishing a proxy. This proxy is activated only if the client station is properly authenticated. Typically, this client station authentication is based on submission of the correct password in order for the client station to access its private key, and on possession of the actual private key.
This invention relates to a method of adding an access control function in the security server based on attributes stored in public key certificates. Any attribute stored in the public key certificate may be used to control access to a protected resource via a security server.
According to the invention, a novel approach of granting or denying access through the security server is based on the value of an attribute. The method of the invention is such that a condition based on the value of an attribute is associated directly with the proxy in the security server. The proxy between a client station and a protected resource is established if and only if the requestor is authenticated, and the attribute condition associated with that proxy is satisfied.
According to the invention, a novel approach of limiting access to a protected resource through a security server is based upon the input and output addresses associated with a proxy definition. The method of the invention is such that a condition based on the addresses can limit access only to a specific resource.
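The two conditions described above (an attribute condition tied to the proxy definition, and an address condition on the proxy's input and output addresses) can be shown together in one decision routine. The following is an added example written for this page, not code from the patent or any product it describes. The certificate, proxy-definition and authentication-result structures, the field names (`department`, `input_network`, `output_address`), and the sample IP addresses and certificates are all constructed here for illustration; the only thing the code takes from the text is the rule that the proxy is established if and only if the requestor is authenticated and both the address condition and the attribute condition associated with that proxy are satisfied.

```python
"""Added example: a security server deciding whether to activate a proxy.

Three checks gate the proxy, in this order:
  1. the client station is authenticated (holds the private key for its certificate),
  2. the address condition of the proxy definition is satisfied (input/output addresses),
  3. the attribute condition of the proxy definition is satisfied (certificate attribute).
All names, fields and sample values below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Any, Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Certificate:
    """Stand-in for a public key certificate; only the attributes the security
    server inspects are modelled (the public key itself is not needed here)."""
    subject: str
    attributes: Dict[str, Any]


@dataclass(frozen=True)
class AuthResult:
    """Outcome of client-station authentication (proof of private-key possession)."""
    authenticated: bool
    certificate: Optional[Certificate] = None


@dataclass(frozen=True)
class ProxyDefinition:
    """A proxy between a client station and exactly one protected resource,
    with the attribute condition attached directly to the proxy."""
    name: str
    input_network: str        # client-side addresses allowed to use this proxy
    output_address: str       # the single protected resource the proxy reaches
    output_port: int
    attribute: str            # certificate attribute the condition inspects
    predicate: Callable[[Any], bool]   # condition on that attribute's value

    def address_condition(self, client_ip: str, resource_ip: str, resource_port: int) -> bool:
        """Input address must lie in the proxy's input network and the requested
        output address/port must be exactly the proxy's protected resource."""
        return (ip_address(client_ip) in ip_network(self.input_network)
                and ip_address(resource_ip) == ip_address(self.output_address)
                and resource_port == self.output_port)

    def attribute_condition(self, cert: Certificate) -> bool:
        """A missing attribute, or a predicate that raises, counts as not satisfied
        (fail closed rather than granting on an unexpected certificate)."""
        if self.attribute not in cert.attributes:
            return False
        try:
            return bool(self.predicate(cert.attributes[self.attribute]))
        except Exception:
            return False


def decide(proxy: ProxyDefinition, auth: AuthResult,
           client_ip: str, resource_ip: str, resource_port: int) -> Tuple[bool, str]:
    """Return (granted, reason). The proxy is established only when every check holds."""
    if not auth.authenticated or auth.certificate is None:
        return False, "client station not authenticated"
    if not proxy.address_condition(client_ip, resource_ip, resource_port):
        return False, "address condition not satisfied"
    if not proxy.attribute_condition(auth.certificate):
        return False, f"attribute condition on '{proxy.attribute}' not satisfied"
    return True, f"proxy '{proxy.name}' established"


# Constructed sample data: one proxy definition and two certificates.
PAYROLL_PROXY = ProxyDefinition(
    name="payroll",
    input_network="10.1.0.0/16",       # corporate client subnet (constructed)
    output_address="192.0.2.10",       # protected payroll server (documentation range)
    output_port=443,
    attribute="department",
    predicate=lambda value: value == "finance",
)
ALICE = Certificate("alice", {"department": "finance", "clearance": 2})
BOB = Certificate("bob", {"department": "engineering", "clearance": 3})


if __name__ == "__main__":
    for who, auth, src in ((ALICE.subject, AuthResult(True, ALICE), "10.1.2.3"),
                           (BOB.subject, AuthResult(True, BOB), "10.1.2.4"),
                           (ALICE.subject, AuthResult(True, ALICE), "203.0.113.5"),
                           ("unknown", AuthResult(False), "10.1.2.5")):
        print(who, src, decide(PAYROLL_PROXY, auth, src, "192.0.2.10", 443))
```

The ordering matters for what the security server reveals: an unauthenticated requestor learns nothing about the proxy's conditions, and the address check runs before the attribute check so that a certificate is only inspected for requests that could reach the intended resource at all. Because the attribute condition is attached to the proxy definition rather than to the protected server, the same check can be administered once in the security server for every resource it fronts.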